3.3 Manual Vulnerability Assessment Lab Part 2

00:01

welcome to the second part of the course.

00:03

Now we're gonna go ahead and log in to the Windows seven Land machine user, user name, administrator

00:10

password is password within that sign.

00:15

Once we're in, we're gonna go to the start menu Type in sec, Paul, I'm a dot MSC and hit Enter.

00:30

Once we're there, we're gonna go to a local policies and then click on audit policy. The audit object asked access and then double click on that.

00:43

You want to check both boxes

00:45

under audit these attempts? So success and failure and then click. Okay.

00:58

Next, we're gonna open a file Explorer window and go to see program files Splunk bin and then Splunk, Dottie XY

01:26

right click on Splunk and then hit properties. And then from there we're gonna click on the security top and then go to advanced.

01:36

Next, we're gonna click on auditing and then click at it.

01:38

Go ahead and hit ad and then type everyone into the field

01:47

once you click. Okay, there'll be a window that pops up in that window. You're gonna check everything under successful and failed and then click OK again

01:59

once you're finished with this, go ahead. and reboot your machine.

02:10

Now we're gonna go ahead and verify the auditing. So we're gonna go back to Kelly.

02:25

Once you're back in Cali, click applications and then go to Internet and then click ice weasel for your browser

02:38

in the browser, you're gonna type http dot dot slash slash 192.168 dot 0.20 colon 8000.

03:05

Quick continue

03:08

doesn't click. Search in reporting

03:13

and then click on reports.

03:22

Now we're going to go back and log into the window. Seven. Machine.

03:37

Go to the start menu in type in event viewer. Dottie XY.

03:50

Under Windows logs, click on Security

03:58

and then in the right pane, click find and in the box that pops up type Splunk, Dottie XY and hit Find.

04:25

Go ahead and find the last five object access logs. First bunk.